Libgcrypt is a general purpose cryptographic library derived out of GnuPG.
A timing attack was found in the way ECCDSA was implemented in Libgcrypt.
A local man-in-the-middle attacker, during signature generation, could possibly recover the private key.
There is no known workaround at this time.
All Libgcrypt users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libgcrypt-1.8.5"